JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.203.47.116

85.203.47.116 was found in our database!

This IP was reported 68 times. Confidence of Abuse is 35%: ?

35%

ISP	Falco Networks B.V.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS42708
Domain Name	falco-networks.com
Country	🇩🇰 Denmark
City	Copenhagen, Capital Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.203.47.116

Whois 85.203.47.116

IP Abuse Reports for 85.203.47.116:

This IP address has been reported a total of 68 times from 27 distinct sources. 85.203.47.116 was first reported on January 28th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-10-12 12:49:59 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 12 08:49:42.611721 2025] [security2:error] [pid 3169:tid 3189] [client 85.203.47.116:34323] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.fishrapper.com\|F\|2"] [data ".com.sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.fishrapper.com"] [uri "/here-fishy.com.sql"] [unique_id "aOuj5sgtrqdqu5rEIQ_hTgAAAJA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-08 16:42:49 (7 months ago)	wordpress-trap	Web App Attack
🇺🇸 TPI-Abuse	2025-09-25 23:36:30 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 25 19:36:15.774352 2025] [security2:error] [pid 1886352:tid 1886352] [client 85.203.47.116:26393] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|lundtrading.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lundtrading.com"] [uri "/back/backup.sql"] [unique_id "aNXR78OwwHvlFfe1qYYpIgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Penny Packer	2025-09-18 20:56:21 (8 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇦🇺 MAGIC	2025-08-28 01:10:46 (9 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2025-08-27 09:20:30 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 27 05:20:16.246539 2025] [security2:error] [pid 17216:tid 17216] [client 85.203.47.116:32257] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|intercotrading.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "intercotrading.com"] [uri "/old/www.sql"] [unique_id "aK7N0OufcCxgH0xUoaBiDAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇿 Tripwire	2025-08-15 11:45:14 (9 months ago)	Scanning for backup files	Web App Attack
🇺🇸 TPI-Abuse	2025-07-20 21:38:13 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 20 17:38:08.377785 2025] [security2:error] [pid 13378:tid 13385] [client 85.203.47.116:48451] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|lancasterdesignercraftsmen.org\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lancasterdesignercraftsmen.org"] [uri "/bak/dump.sql"] [unique_id "aH1hwMCvTE3fiuWcE1Bc-gAAAIU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-07 00:20:41 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 06 20:20:26.218747 2025] [security2:error] [pid 12109:tid 12109] [client 85.203.47.116:2339] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|thebullmemecoin.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "thebullmemecoin.com"] [uri "/mysql.sql"] [unique_id "aGsSyorv-WemdbDn7vUyuAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-14 03:10:15 (11 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 13 23:09:58.412355 2025] [security2:error] [pid 2557538:tid 2557538] [client 85.203.47.116:1615] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|powderriverinc.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "powderriverinc.com"] [uri "/backups/backup.sql"] [unique_id "aEzoBuSchbdIhYLFP_5IZwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-11 14:46:06 (11 months ago)	(mod_security) mod_security (id:210730) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 11 10:45:52.485500 2025] [security2:error] [pid 1154068:tid 1154068] [client 85.203.47.116:26371] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.nationalenq.com\|F\|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nationalenq.com"] [uri "/restore/wallet.dat"] [unique_id "aEmWoLLkGQYpfTmyHcOPKgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-03 04:35:26 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 85.203.47.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 03 00:35:10.379151 2025] [security2:error] [pid 303600:tid 303600] [client 85.203.47.116:33827] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 85.203.47.116 (+1 hits since last alert)\|ssion.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ssion.com"] [uri "/xmlrpc.php"] [unique_id "aD57fj_HqQd-84JBRCRahgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-06-03 00:38:18 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇭🇰 www.winos.me	2025-06-03 00:15:58 (1 year ago)	xmlrpc does not allow access	Web App Attack
Anonymous	2025-05-07 02:17:47 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH

Showing 31 to 45 of 68 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 137.184.228.138

🇮🇳 125.23.41.122

🇨🇳 115.190.171.196

🇺🇸 35.188.112.111

🇺🇸 23.95.48.146

🇵🇰 223.123.72.210

🇬🇧 198.244.183.81

🇩🇪 194.88.98.106

🇬🇧 185.247.137.41

🇧🇷 177.126.132.44

🇺🇸 165.22.156.250

🇺🇸 162.144.73.123

🇺🇸 151.240.67.39

🇩🇪 69.5.169.36

🇺🇸 66.132.186.239

🇺🇸 65.181.127.40

🇺🇸 193.26.115.76

🇬🇧 185.249.74.198

🇺🇸 157.230.142.126

🇺🇸 135.180.153.48